1 package edgeinjector
2
3 import (
4 "context"
5 "fmt"
6
7 "k8s.io/apimachinery/pkg/runtime"
8
9 "edge-infra.dev/pkg/edge/datasync/couchdb"
10 "edge-infra.dev/pkg/lib/fog"
11
12 corev1 "k8s.io/api/core/v1"
13
14 "sigs.k8s.io/controller-runtime/pkg/client"
15 )
16
// allowedRoles lists the CouchDB user roles this package treats as
// permitted: the read-only user and the create-view user.
//
// NOTE(review): nothing in this file reads allowedRoles; presumably the
// check against it lives elsewhere in the package. Confirm it is enforced
// before a pod-supplied role value is used to select credentials.
var allowedRoles = []string{
	couchdb.ReadOnlyUser,
	couchdb.CreateViewUser,
}
20
// CouchUserField names an environment variable through which a CouchDB
// user credential field is exposed to a pod.
type CouchUserField string

// Environment variable names that Default maps onto keys of the CouchDB
// user secret.
const (
	// Username is the variable that carries the CouchDB user name.
	Username CouchUserField = "COUCHDB_USER"
	// Password is the variable that carries the CouchDB password.
	Password CouchUserField = "COUCHDB_PASSWORD"
	// URI is the variable that carries the CouchDB connection URI.
	URI CouchUserField = "COUCHDB_URI"
)
28
// CouchUserWebhook is the pod-defaulting webhook that injects CouchDB user
// credentials as environment variables (see Default).
type CouchUserWebhook struct {
	// Client is the embedded controller-runtime client. Default, as written
	// in this file, does not call it.
	client.Client
}
32
// Default is the defaulting hook for pods. It asks InjectSecret to wire the
// CouchDB user secret (CouchDBSecret) into the pod as the COUCHDB_USER,
// COUCHDB_PASSWORD and COUCHDB_URI environment variables.
//
// It returns an error only when obj is not a *corev1.Pod. A pod for which
// SecretLabelValue reports a non-empty value is left untouched.
//
// Only the pod's namespaced name is attached to the logger; no secret value
// is logged here.
func (c *CouchUserWebhook) Default(ctx context.Context, obj runtime.Object) error {
	logger := fog.FromContext(ctx).WithValues("name", "CouchDBUserWebhook")

	pod, isPod := obj.(*corev1.Pod)
	if !isPod {
		typeErr := fmt.Errorf("expected a Pod but got a %T", obj)
		logger.Error(typeErr, "not a pod")
		return typeErr
	}

	logger = logger.WithValues("pod", client.ObjectKeyFromObject(pod))

	// NOTE(review): a non-empty label value skips injection entirely.
	// SecretLabelValue is defined elsewhere; confirm this branch is the
	// intended "already handled" case, and that the label value is validated
	// (e.g. against allowedRoles) wherever it is consumed.
	if labelValue := SecretLabelValue(pod, CouchDBSecret); labelValue != "" {
		logger.Info("pod couch secret label found")
		return nil
	}

	// Maps each environment variable name to its key in the CouchDB secret.
	envToSecretKey := map[string]string{
		string(Username): couchdb.SecretUsername,
		string(Password): couchdb.SecretPassword,
		string(URI):      couchdb.SecretURI,
	}

	// NOTE(review): InjectSecret is not shown. Any result it returns is not
	// inspected, so the success message below is logged unconditionally.
	// Also confirm the variables are populated by secret reference rather
	// than by literal value, so credentials never appear in the pod spec.
	InjectSecret(fog.IntoContext(ctx, logger), pod, CouchDBSecret, envToSecretKey)

	logger.Info("successfully injected couchdb user secret environment variables")
	return nil
}
60